Social Networking site interrogation and analytics
Human anthropology Versus digital foot printing
Social engineering tricks and exploits
Financial and organisational security
Tracking and identifying offenders, devices, footprints
Temporal analysis of Hidden Web users
Deep web analysis
Exploits, injects and weaponising,
Bitcoin tracking awareness
Covert techniques and tricks.
MAC, IMSI and IMEI evidential value and opportunities
Device attribution
Presented by:
Mark Bentley
Former Child Exploitation and Online Exploitation (CEOP) Data comms Manager, UK National Crime Agency (NCA), and London Metropolitan Police. Full bio below description.
Sponsored by:
Eligibility
STRICTLY Law enforcement, Government, Armed forces and Police ONLY
This 2-day course is designed for government and police investigators, to take the cybercrime and Digital media investigator training to another, far higher level than currently offered elsewhere. This is due to the spectrum of experience of the presenter.
Investigators engaged in open sourcing, (OSINT) analytics, digital media examination and device interrogation will benefit greatly from this course. Public protection, Crime analysts, National security, Pedophile, and Specialist offender units will especially benefit, due to the background and experience of the presenter.
Whilst being an advanced level course, it will be presented from an investigators point of view; to benefit those experienced (but non technical) investigators wishing to attend.
Agenda
The content of this course is unique and not available anywhere else. It will be supported by real world examples and incidents. This is not a general ‘chalk and talk’ course. It will teach you how to achieve results, and expand your thought process as to how. Law enforcement need to step up a gear and attack the growing threats face on.
The course will be a delivery / presentation / awareness format and is strictly restricted to Government and police as it contains new and innovative methodology and techniques.
The session descriptions below are specifically short, as a guide only. We are unable to openly publish the specifics of the techniques without alluding to the methods, which will remain clandestine, but will be fully explored during the sessions. New and innovative methods and techniques explained and shared, but will be up the individual forces and organisations to replicate the methods and procedures due to legal constraints.
Session Description
The course will cover the following topics.
Investigator tradecraft and good practice
Just surfing the web doesn’t evidentially hold up in court any more. In the real investigative world, we add layers of integrity and provenance to evidence, with property bags , statements and other supporting notes to get the evidence to court. Now we have to do the same virtually with online evidence and product. This session will show you good practice and watertight tradecraft in order to provide weighty and substantial evidence in court.
Advanced open source, lateral thinking and problem solving
“Sometimes, you have to stop looking for what you want to find, to find what you are looking for”. This is one of my favourite, and most used phrases that sums this session up entirely. What else can we do that isn’t obvious, to get where we want to get and identify the suspect? This session will show you how to specifically search data, look at non-obvious sources, analyse habit and human nature, and use it as a tool. Can you trust the data you’re searching on? Are you searching all the ways to find data? This session will show you how to have good data hygiene and best practice, add integrity, and widening your virtual gaze.
Open source surfing and intel gathering techniques and tools
There is a fine art and skill to open sourcing in the 21st Century. The investigator needs to know exactly how to ‘talk’ to search engines, to cut away the unnecessary digital flotsam which clouds the results, and get straight to the data required. This session will teach you to return results from search engines in manageable numbers of results - sometimes one page of data specifically and exactly what you were searching for. Just putting data into a search engine is a waste of time. Lets fine tune our requests and save time .
The lecturer runs an encrypted Law enforcement Open source tool site for investigators, based on 15 years of collection of useful tools. Delegates will be trained and familiarized with the 200+ OSINT tools therein, and provided with the password to use them.
Social Networking site interrogation and analytics
Social networking sites are great aren't they? Not from the perspective of the user - I mean that of the perspective of the investigator. We leave so much data on the web, it can lead to building up an extensive profile and leading us onto data we ( and the suspect ) didn't know they were leaving. Lets find it.
Human anthropology Versus digital foot printing
How we live, move and react with the real world is reflected in the digit footprint we leave in the virtual world. This session will look at where to look for clues in the data and footprint, to profile and help identify the person leaving it
Social engineering tricks and exploits
This session gives the delegate an understanding of the origins, impact and harm that the modern criminal social engineer plays in crime and intelligence security in the modern day internet. It covers both attack and defence. Can we identify, exploit and copy their tactics?
Deep web analysis. “Googling it” doesn’t cut the mustard any more. Its great for cheap flights and deals, but not for looking for people, digital shadows and historic footprints. Search engines can see less than a fifth of the Internet. Where else do we need to look? How can we look? What tools are there? Are we just looking at the big sites and should we look at the others? This session will take students deep into the Internet, and surprise many with what we will find, and can achieve, with an emphasis on the mind set, systematic approach and best practice methodology.
Injection and weaponising.
What can be weaponised or injected? How can we do it without detection? The advantages are self explanatory- but what are the pitfalls? What are the legal issues with this type of tracking? Can we do it and if so how?
Tracking Tor users and exploiting system vulnerabilities
Tor is a very difficult nut to crack. What if we stop looking at it and start looking at alternative vulnerabilities – and yes, even Tor has an Achilles heel. Lets have a look at it and start tracking users.
Temporal analysis and attribution. Are we thinking about everything when we track someone online? What sort of digital footprint are they leaving? Are we just looking at the obvious ones or are there some we don’t know about? How can we find out? How do we cut away the giant virtual haystack of data to find the intelligence needle we were looking for? How can we track people successfully, who are adept at ‘hiding’ on the Internet? This session will show you how no one can hide. Attribution of a device to an individual is a major problem for Officers and prosecutors alike. This session will teach you good practice to ensure there is sufficient data to prove attribution to an individual.
Attribution
A headache for most prosecutors and investigators. We can put a device at a location but how do we show who was there with the device.
What other clues are there to prove ownership and use? Let us look at them all.
MAC, IMSI and IMEI evidential value and opportunities
When we look at devices we focus on carrier, provider and capability. But what about The IMSI, MAC and IMEI? what can we do with these? How can we combat attempts by the user to tumble or mask them?
Advanced device tracking and digital non-visual surveillance.
Why does your smart phone battery die in less than a day? Its because it reaches out to the network 250,000 times an hour to allow you to have the very best experience from your provider. But where are these connections being made? Can the carrier see them? Can we see them and where can we find them? Never think ‘ there’s no trace ‘. Have you ever had a case that went ‘cold’? You will be re visiting it after this session.
Bitcoin tracking and exploits.
Have a bitcoin investigation? Can’t track where the money went? In the real world, we can ‘mark bills’. Can we do it with crypto currency? Let us see if we can track it……….
Covert techniques, profiles, identities, legends and tricks
Criminals and bad people play dirty and use dirty tricks. Can we play them at their own game? (Legally). Social engineering, scams, injection, ransomware? Let us brainstorm this and see…
Financial and organisational security
Training for financial institutions and secure organisations re risks and attacks. The view point of the hacker and the would be thief and how that perception or targetting, of the banks Achilles heel , differs from that of the organisation or the IT within that business. Looking at both the attacking strategies and defensive work to future scan and defend against the as yet unseen threat. Live examples given . Also social engineering scams and defence.
Notice
Whilst every effort will be made to avoid, Due to the nature of the course, and live searching in the dark web, students may be exposed to disturbing or sexual images, profanity and graphic content, beyond the control of the presenter.
About the instructor
Mark Bentley is a globally recognised communications data expert, who works as an adviser, trainer and consultant to security services, government and police forces around the world.
His experience is based on 35 years as a detective, which includes experience gained working for the UK National Crime Agency (NCA), Metropolitan police, and Child Exploitation and Online Exploitation (CEOP), in the capacity of overt, reactive and covert operations management.
He has been involved in the tracking of high profile cases, persons and vessels.
He is the Open source expert and lead advisor for forces and government agencies in several countries and advises on data analysis to government agencies, both domestic and abroad. Administrates and runs a leading , dedicated Law enforcement tools site for open sourcing.
His specialist area is device tracking and interrogation, alternative profile digital shadowing, injection and weaponising.
Mark presents this and other subjects to government and law enforcement around the world, both independently, and at ISS world training events. He is a lecturer for International policing organisations, EU cybercrime twinning project, The Council of Europe and The UK College of policing.
Registration
November 2-3, 2017 London, UK
Click Here to Register one person for $1,295 or register two people for $1,995 USD (2 registrations = $997.50 per person)
November 9-10, 2017 Washington, DC
Click Here to Register one person for $1,295 or register two people for $1,995 USD (2 registrations = $997.50 per person)